Encryption of Data Using AWS KMS
In this video you will learn how to store data in encrypted form so that it remains secure while it is stored in the database. You can use AWS KMS to store and manage the encryption keys so that you don't have to store the keys locally to encrypt and decrypt.
1. Enable Encryption
Create a Collection schema. If you haven’t created your collection yet, click here.
Create a project and go to its Settings -> Data Encryption -> Enable Encryption. Choose Base64 Encryption from the dropdown and Update.
1.1 Open AWS Account
Open the AWS account to get the key details to encrypt and decrypt data. Search for Key Management Service and select Create Key.
1.2 Keep the Default Settings
For this use case, keep the keys as default and press Next.
1.3 Configure the Key
Give the key a name and, optionally, a description. Click Next.
1.4 Keys are Generated
The keys are generated at this point and you can assign a user for them. Click Next.
1.5 Complete the Process
This step is now complete. Click Finish.
2. Create a User with Access
Go to Security Credentials in the top right dropdown. From the left menu choose Policies for users. Choose Create Policy. You can choose the policies as per your preference and then click Next.
2.1 Choose Tags
You can choose the tags as per your preference and then click Next.
2.2 Review the Policy
Give a name to the policy and choose Create Policy.
2.3 Create a User
From the left menu choose Users. Choose Create User. Name the user. Then click Next.
2.4 Attach Policies to the User
Search for the policies you created and attach them to the user(s). Then click Next.
2.5 Review the User
Review the details and choose Create User. This user has access to the KMS policies created.
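The policy created in step 2 decides what the access keys from step 3 can do with your KMS key. The following check is an added example, not part of the original guide or DrapCode's own code. It audits a policy document under the assumption that the integration only needs `kms:GenerateDataKey` (step 5) and `kms:Decrypt` (step 7.1) on the one key ARN; the policies, account ID and key ID are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# Assumption: only these two KMS actions are needed by the integration.
NEEDED = {"kms:GenerateDataKey", "kms:Decrypt"}
# Constructed placeholder ARN; use the ARN copied in step 5.1.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

# Constructed sample: grants every KMS action on every key.
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "kms:*", "Resource": "*"}]
}""")
# Constructed sample: grants only the needed actions on the one key.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["kms:GenerateDataKey", "kms:Decrypt"],
        "Resource": KEY_ARN,
    }],
}

def as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def audit_kms_policy(policy, key_arn, needed=NEEDED):
    """Return findings for Allow statements (NotAction/NotResource not handled)."""
    findings, granted = [], set()
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may contain wildcards.
            covered = {n for n in needed if fnmatchcase(n.lower(), action.lower())}
            granted |= covered
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif not covered:
                findings.append(f"statement {i}: unneeded action {action!r}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource != key_arn:
                findings.append(f"statement {i}: resource {resource!r} is not the key ARN")
    findings += [f"missing action {a!r}" for a in sorted(set(needed) - granted)]
    return findings

if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_kms_policy(pol, KEY_ARN) or "OK")
```
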
3. Generate Access Keys
Go to the Security Credentials tab and choose Create Access Key to generate access keys.
3.1 Choose the Service
Choose the appropriate service and agree with the terms and click Next.
3.2 Create Access Key
This is an optional step and you can simply choose Create Access Key.
3.3 Keys are Generated
The keys are generated and you can copy them from here to DrapCode. Then click Done.
3.4 Download the Credentials
You can download the credentials for later use. Click Download .csv file.
4. Copy the Keys
Copy the access and secret access keys generated earlier here.
5. Add the Region
Go to Key Management Service and check the region displayed on the top right and paste it. Then click Generate Data Key.
5.1 Copy the ARN
Go back to KMS and from the left menu choose Customer Managed Keys. Open the key details and copy the ARN from here.
5.2 Paste the ARN
Paste the ARN and choose Generate Data Key.
5.3 Add the Algorithm
The ARN key is generated. Choose the algorithm from the default dropdown and choose Update.
6. Add Field to Encrypt
Go back to your collection and add the fields to encrypt by choosing the Encrypted option and Save.
7. View the Changes
Now when you add any record the selected fields will be encrypted.
7.1 View Actual Data
To view the actual value of encrypted data, click Decrypt Item.